Date:      Fri, 1 Jul 2016 15:22:47 +0000 (UTC)
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r417890 - head/security/vuxml
Message-ID:  <201607011522.u61FMlvs038151@repo.freebsd.org>

Author: matthew
Date: Fri Jul  1 15:22:47 2016
New Revision: 417890
URL: https://svnweb.freebsd.org/changeset/ports/417890

Log:
  Belatedly document 12 security advisories about phpMyAdmin.
  Severities range from 'non-critical' to 'severe'

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Jul  1 14:27:31 2016	(r417889)
+++ head/security/vuxml/vuln.xml	Fri Jul  1 15:22:47 2016	(r417890)
@@ -58,6 +58,243 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="e7028e1d-3f9b-11e6-81f9-6805ca0b3d42">
+    <topic>phpMyAdmin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>phpmyadmin</name>
+	<range><ge>4.6.0</ge><lt>4.6.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The phpMYAdmin development team reports:</p>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-17/">;
+	  <h3>Summary</h3>
+	  <p>BBCode injection vulnerability</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered that allows an BBCode
+	    injection to setup script in case it's not accessed on
+	    https.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-18/">;
+	  <h3>Summary</h3>
+	  <p>Cookie attribute injection attack</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was found where, under some
+	    circumstances, an attacker can inject arbitrary values
+	    in the browser cookies.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-19/">;
+	  <h3>Summary</h3>
+	  <p>SQL injection attack</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered that allows an SQL
+	    injection attack to run arbitrary commands as the
+	    control user.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-20/">;
+	  <h3>Summary</h3>
+	  <p>XSS on table structure page</p>
+
+	  <h3>Description</h3>
+	  <p>An XSS vulnerability was discovered on the table
+	    structure page</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be a serious
+	    vulnerability</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-21/">;
+	  <h3>Summary</h3>
+	  <p>Multiple XSS vulnerabilities</p>
+
+	  <h3>Description</h3>
+	  <ul>
+	    <li>An XSS vulnerability was discovered on the user
+	      privileges page.</li>
+	    <li>An XSS vulnerability was discovered in the error
+	      console.</li>
+	    <li>An XSS vulnerability was discovered in the central
+	      columns feature.</li>
+	    <li>An XSS vulnerability was discovered in the query
+	      bookmarks feature.</li>
+	    <li>An XSS vulnerability was discovered in the user groups
+	      feature.</li>
+	  </ul>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be a serious vulnerability</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-22/">;
+	  <h3>Summary</h3>
+	  <p>DOS attack</p>
+
+	  <h3>Description</h3>
+	  <p>A Denial Of Service (DOS) attack was discovered in
+	    the way phpMyAdmin loads some JavaScript files.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be of moderate severity</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-23/">;
+	  <h3>Summary</h3>
+	  <p>Multiple full path disclosure vulnerabilities</p>
+
+	  <h3>Description</h3>
+	  <p>This PMASA contains information on multiple full-path
+	    disclosure vulnerabilities reported in phpMyAdmin.</p>
+	  <p>By specially crafting requests in the following
+	    areas, it is possible to trigger phpMyAdmin to display a
+	    PHP error message which contains the full path of the
+	    directory where phpMyAdmin is installed.</p>
+	   <ol>
+	     <li>Setup script</li>
+	     <li>Example OpenID authentication script</li>
+	   </ol>
+
+	   <h3>Severity</h3>
+	   <p>We consider these vulnerabilities to be
+	     non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-24/">;
+	  <h3>Summary</h3>
+	  <p>XSS through FPD</p>
+
+	  <h3>Description</h3>
+	  <p>With a specially crafted request, it is possible to
+	    trigger an XSS attack through the example OpenID
+	    authentication script.</p>
+
+	  <h3>Severity</h3>
+	  <p>We do not consider this vulnerability to be
+	    secure due to the non-standard required PHP setting
+	    for html_errors.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-25/">;
+	  <h3>Summary</h3>
+	  <p>XSS in partition range functionality</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported allowing a specially
+	    crafted table parameters to cause an XSS attack through
+	    the table structure page.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be severe.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-26/">;
+	  <h3>Summary</h3>
+	  <p>Multiple XSS vulnerabilities</p>
+
+	  <h3>Description</h3>
+	  <ul>
+	    <li>A vulnerability was reported allowing a specially
+	      crafted table name to cause an XSS attack through the
+	      functionality to check database privileges.
+	      <ul>
+		<li>This XSS doesn't exist in some translations due to
+		  different quotes being used there (eg. Czech).</li>
+	      </ul>
+	    </li>
+	    <li>A vulnerability was reported allowing a
+	      specifically-configured MySQL server to execute an XSS
+	      attack. This particular attack requires configuring the
+	      MySQL server log_bin directive with the payload.</li>
+	    <li>Several XSS vulnerabilities were found with the
+	      Transformation feature</li>
+	    <li>Several XSS vulnerabilities were found in AJAX error
+	      handling</li>
+	    <li>Several XSS vulnerabilities were found in the Designer
+	      feature</li>
+	    <li>An XSS vulnerability was found in the charts
+	      feature</li>
+	    <li>An XSS vulnerability was found in the zoom search
+	      feature</li>
+	  </ul>
+
+	  <h3>Severity</h3>
+	  <p>We consider these attacks to be of moderate
+	    severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-27/">;
+	  <h3>Summary</h3>
+	  <p>Unsafe handling of preg_replace parameters</p>
+
+	  <h3>Description</h3>
+	  <p>In some versions of PHP, it's possible for an
+	    attacker to pass parameters to the
+	    <code>preg_replace()</code> function which can allow the
+	    execution of arbitrary PHP code. This code is not
+	    properly sanitized in phpMyAdmin as part of the table
+	    search and replace feature.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be of moderate
+	    severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-28/">;
+	  <h3>Summary</h3>
+	  <p>Referrer leak in transformations</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported where a specially
+	    crafted Transformation could be used to leak information
+	    including the authentication token. This could be used
+	    to direct a CSRF attack against a user.</p>
+	  <p>Furthermore, the CSP code used in version 4.0.x is
+	    outdated and has been updated to more modern
+	    standards.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be of moderate severity</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-17/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-18/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-19/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-20/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-21/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-22/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-23/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-24/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-25/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-26/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-27/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-28/</url>;
+      <cvename>CVE-2016-5701</cvename>
+      <cvename>CVE-2016-5702</cvename>
+      <cvename>CVE-2016-5703</cvename>
+      <cvename>CVE-2016-5704</cvename>
+      <cvename>CVE-2016-5705</cvename>
+      <cvename>CVE-2016-5706</cvename>
+      <cvename>CVE-2016-5730</cvename>
+      <cvename>CVE-2016-5731</cvename>
+      <cvename>CVE-2016-5732</cvename>
+      <cvename>CVE-2016-5733</cvename>
+      <cvename>CVE-2016-5734</cvename>
+      <cvename>CVE-2016-5739</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-23</discovery>
+      <entry>2016-07-01</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="f1c219ba-3f14-11e6-b3c8-14dae9d210b8">
     <topic>haproxy -- denial of service</topic>
     <affects>
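Review bot: The new entry's `<affects>` block lists only `<range><ge>4.6.0</ge><lt>4.6.3</lt></range>`, yet the quoted PMASA-2016-28 text refers to "the CSP code used in version 4.0.x", which suggests at least some of these advisories also apply to older release branches. If the upstream advisories confirm that, installations on those branches would not be flagged by `pkg audit`; add one further `<range>` per affected branch, with the fixed versions taken from the advisories. The header comment of this file also says not to forget port variants, so it is worth checking whether any other phpMyAdmin package name needs its own `<name>` line. Separately, the introductory line misspells the project name and should read `<p>The phpMyAdmin development team reports:</p>`.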


